Package 1: Business Impact Analysis Long Version Template Suite
This BIA Plan template can be used by any organization. Refer to other packages for additional supporting documents for a complete Enterprise-wide Business Impact Analysis.
- Conducting a Business Impact Analysis Guide (23 pages)
The purpose of this document is to help businesses conduct a Business Impact Analysis (BIA), which identifies the business’s critical processes, required resources for each process and the order in which processes need to be recovered. This document provides guidance on how to conduct the BIA, analyze the information that is collected, and report the findings of the assessment. The following documents are available to help the business complete the assessment:
- Business Impact Analysis Template (both short and long versions)
- Application & Data Criticality Template
- Final Business Unit Report Template
- Final Executive Management Report Template
- Examples of Impact
The Business Impact Analysis is only a part of the overall Business Assessment. A Business Assessment is separated into two constituents, Risk Assessment and Business Impact Analysis (BIA). The Risk Assessment is intended to measure present vulnerabilities to the business’s environment, while the Business Impact Analysis evaluates probable loss that could result during a disaster. To maximize the Business Impact Analysis, a Risk Assessment should also be completed.
Due to HIPAA Security Rule regulations, the organization must implement Contingency Planning Practices to ensure the protection of ePHI (electronic Protected Health Information). In order to accomplish this undertaking, there are several steps that organization will be completing to identify critical business functions, processes, and applications that process ePHI and to understand the potential impact to the business if a disruptive event occurred.
The first step of implementing the Contingency Program for the organization is to conduct a Business Impact Analysis (BIA). This questionnaire will help each business unit identify their critical business functions and recovery requirements as well as estimating the impact of a disaster (or prolonged outage) to the business unit. Once the survey is completed, the BIA Project team will review the data, analyze and create a prioritized recovery strategy to present to senior management.
For the purpose of this BIA, answer each question based on the “worst-case scenario”. This means your workplace and all records; files and equipment in it are inaccessible. The priority of this questionnaire is to identify any business process or application that currently contains ePHI. However, please answer all questions regardless of ePHI status. By completing all questions to the best of your knowledge, a recovery strategy that best meets the need of the business can be established.
Some questions will be directly related to a specific process whereas other questions are of the business unit in general. Some sections contain an additional “Notes” area to amplify or explain your responses. While this is not a requirement, it can be useful in helping the Project Team understand the nature of your business unit operations.
- Example of Completed Long Version BIA (24 pages)
To view a specific section of this document, please contact us at Bob@training-hipaa.net or call us at (515) 865-4591.
To buy individual template packages, visit following links:
Business Impact Analysis Guide